Community discussions

MikroTik App
  4. RouterOS
  5. Beginner Basics

Layer 7 firewall filter-log

Locked
 
tomasz
just joined
Topic Author
Posts: 4
Joined: Thu Feb 23, 2017 2:44 pm

Layer 7 firewall filter-log

Thu Feb 23, 2017 2:51 pm

Hello.
I have configured Layer 7 firewall filter. It is working properly. I would like to know what URLs are blocked. In logs I see only:
Code: Select all
Jan  2 14:15:43 10.10.20.1 firewall,info forward: in:ether1-gateway out:ether3-slave-local, src-mac Y:Y:Y:Y:Y:Y, proto UDP, 8.8.8.8:53->192.168.101.254:61373, NAT 8.8.8.8:53->(X.X.X.X:61373->192.168.101.254:61373), len 70
Is there any possibility to get information that URL domain.com was blocked by Layer 7 filter and src-ip was 192.168.101.254.
Thank you for your help.
Top
 
gustavomam
Trainer
Trainer
Posts: 287
Joined: Tue Jul 23, 2013 6:29 pm
Location: Spain
Contact:
Contact gustavomam

Re: Layer 7 firewall filter-log

Thu Feb 23, 2017 5:05 pm

check this link, it will help you to identify the IP origin

http://cqcounter.com/whois/
Top
 
tomasz
just joined
Topic Author
Posts: 4
Joined: Thu Feb 23, 2017 2:44 pm

Re: Layer 7 firewall filter-log

Thu Feb 23, 2017 5:19 pm

check this link, it will help you to identify the IP origin

http://cqcounter.com/whois/
Hello Gustavomam.
Thank you for reply. I know about whois, but it isn't what I am looking for. In log I get only:
Code: Select all
Feb 23 14:58:41 10.10.20.1 firewall,info forward: in:ether1-gateway out:ether3-slave-local, proto UDP, DNS_SERVER_IP:53->192.168.101.21:64154, NAT DNS_SERVER_IP:53->(My_public_IP:64154->192.168.101.21:64154), len 70
I only get in log my public IP and DNS Server IP. Is there any possibility to get info what URL was blocked?
Top
 
gustavomam
Trainer
Trainer
Posts: 287
Joined: Tue Jul 23, 2013 6:29 pm
Location: Spain
Contact:
Contact gustavomam

Re: Layer 7 firewall filter-log

Thu Feb 23, 2017 5:24 pm

The think is that an IP could not warranty an URL.

Many URLs could resolve an IP, and IP can be resolve in many URLs

Even worse, the IP could belong to an Content Delivery Network (CDN) and work for multiple networks sites.

You can use this page instead

https://mxtoolbox.com/ReverseLookup.aspx
Top
 
tomasz
just joined
Topic Author
Posts: 4
Joined: Thu Feb 23, 2017 2:44 pm

Re: Layer 7 firewall filter-log

Thu Feb 23, 2017 6:00 pm

The think is that an IP could not warranty an URL.

Many URLs could resolve an IP, and IP can be resolve in many URLs

Even worse, the IP could belong to an Content Delivery Network (CDN) and work for multiple networks sites.

You can use this page instead

https://mxtoolbox.com/ReverseLookup.aspx
I thought that it is possible to see what url was blocked, because I have defined Regexp with url's.
What do you suggest to use instead of Layer 7 firewall to block access to website and to see which websites were blocked?
Top
 
gustavomam
Trainer
Trainer
Posts: 287
Joined: Tue Jul 23, 2013 6:29 pm
Location: Spain
Contact:
Contact gustavomam

Re: Layer 7 firewall filter-log

Thu Feb 23, 2017 6:03 pm

Check this out
http://www.ntop.org/ntopng/how-to-analy ... ng-ntopng/
Top
Locked

Who is online

Users browsing this forum: anav, GmbH and 46 guests
  4. RouterOS
  5. Beginner Basics